
port knocking

Heya,

I am currently running a box and I would like to have my sshd, ftpd or my inetd running just on purpose remotely, when I'm not at the office.

I have heard about port knocking (on /.) - do you have any idea about how well it can work, its failures (denial of service possible, hacker sniffing the TCP sequence in order to replicate it, only TCP used?)... well, mainly how widely it is used and if there is any good distribution of such software (that's kind of professional)?

That's going to give me a good idea about how interesting this solution is for me.

Instead of using that, you can establish a VPN between your home (for example; it can be roaming too) and your office and use those services through a VPN tunnel. Maybe it's more secure and easier to implement.

I hadn't heard of this before, but it sure sounds like a great idea, and what's more, it's probably easily implemented using a shell script. That said, the first thing that strikes you is of course a sniffer. However, the attacker actually has to be looking for a port knock to find it. Not very likely, yet. Its using only TCP doesn't seem to be such a drawback because sniffers pick up both TCP and UDP normally, and a determined attacker would sniff everything from the line. Other than that, I can't really see any drawbacks here. Of course, if the server you're starting is something that's inherently insecure (e.g. Telnet), you're obviously taking a risk.
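An added example, not from this thread or any of its posters: a Python knock-sequence tracker of the kind the "shell script" remark above has in mind, fed constructed connection-attempt events such as a firewall log would yield. The port sequence, time window and addresses are assumed values made up for the illustration.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed secret sequence (constructed)
WINDOW_SECONDS = 10.0  # whole sequence must arrive within this window


@dataclass
class KnockTracker:
    """Tracks per-source progress through the knock sequence."""
    sequence: tuple = KNOCK_SEQUENCE
    window: float = WINDOW_SECONDS
    # src -> (index of next expected port, timestamp of first accepted knock)
    progress: dict = field(default_factory=dict)
    opened: list = field(default_factory=list)  # (src, ts) pairs that completed

    def observe(self, src: str, port: int, ts: float) -> bool:
        """Feed one connection attempt; True when src completes the sequence."""
        idx, started = self.progress.get(src, (0, ts))
        # stale partial progress is discarded, so a slow scan cannot accumulate hits
        if idx and ts - started > self.window:
            idx, started = 0, ts
        if port == self.sequence[idx]:
            idx, started = idx + 1, (started if idx else ts)
        else:
            # wrong port resets; it may itself be a fresh first knock
            idx, started = (1 if port == self.sequence[0] else 0), ts
        if idx == len(self.sequence):
            self.progress.pop(src, None)
            self.opened.append((src, ts))
            return True
        self.progress[src] = (idx, started)
        return False


def run_events(events):
    """Replay (src, port, ts) events; return the (src, ts) list that unlocked."""
    tracker = KnockTracker()
    for src, port, ts in events:
        tracker.observe(src, port, ts)
    return tracker.opened


# Constructed sample: a correct knock, a slow one that times out, a port scan in the
# wrong order, and a replay of the sniffed sequence from the scanning host.
SAMPLE_EVENTS = [
    ("10.0.0.5", 7000, 1.0), ("10.0.0.5", 8000, 2.0), ("10.0.0.5", 9000, 3.0),
    ("10.0.0.7", 7000, 1.0), ("10.0.0.7", 8000, 2.0), ("10.0.0.7", 9000, 20.0),
    ("10.0.0.9", 9000, 4.0), ("10.0.0.9", 8000, 5.0), ("10.0.0.9", 7000, 6.0),
    ("10.0.0.9", 7000, 30.0), ("10.0.0.9", 8000, 31.0), ("10.0.0.9", 9000, 32.0),
]
```

The last three events show the weakness the original poster asks about: a fixed sequence observed on the wire is accepted again from a different host, so a plain knock is a filter in front of a service, not authentication of the client.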

Prior to visiting portknocking.org I had actually never heard of it... but before you even consider the construction of things such as VPNs (which can cost quite a bit) I wonder if you've considered a simpler implementation of security via xinetd with TCP wrappers. With xinetd, you can modify the time in which the servers run so they'll run when you're not at the office or whatever. It would also be easy to rig up your ftpd and sshd and drop the less secure inetd program.

A huge VPN can have a high cost, but for the usage specified here I don't think so. Server = Linux, software = free, client = standard VPN client for Windows/*nix (free too). Basically it is the same cost.
But maybe it's not what you want.
